Thursday, 2020-03-05

*** dklyle has joined #openstack-infra		00:02
*** yamamoto has joined #openstack-infra		00:02
corvus	w/win 12	00:04
corvus	grr	00:04
openstackgerrit	Clark Boylan proposed opendev/puppet-httpd master: Define params::ssl_path for vhost::proxy https://review.opendev.org/711365	00:05
clarkb	mordred: ^ also that fixes a puppet error on paste	00:05
openstackgerrit	Merged openstack/hacking master: [ussuri][goal] Drop python 2.7 support and testing https://review.opendev.org/705514	00:07
*** slaweq has joined #openstack-infra		00:11
ianw	i'm thinking i'll emergency file and shutdown files02.openstack.org and static-old.openstack.org ... nobody should notice anything but they'll just be a restart away. we can merge the inventory/puppet removal next week and then that will be it	00:12
clarkb	++	00:13
ianw	#status log files02.openstack.org & static-old.openstack.org hosts in emergency file and shutdown for retirement. old system-config configuration to be removed next week	00:16
openstackstatus	ianw: finished logging	00:16
mordred	clarkb: oh right	00:17
*** dklyle has quit IRC		00:19
*** toabctl has quit IRC		00:19
*** Tengu has quit IRC		00:20
*** Tengu has joined #openstack-infra		00:22
*** toabctl has joined #openstack-infra		00:22
*** dklyle has joined #openstack-infra		00:22
ianw	mordred: do you want to take a look at https://review.opendev.org/#/c/677903/ to make haproxy a more generic role, even though we didn't go with it for redirects? i still think it probably has value for future work	00:26
*** slaweq has quit IRC		00:27
ianw	#status log removed project.gittest volume (https://storyboard.openstack.org/#!/story/2006598 task #38841)	00:27
openstackstatus	ianw: finished logging	00:27
*** mattw4 has quit IRC		00:29
*** igordc has quit IRC		00:33
ianw	#status log removed logs.openstack.org and logs-dev.openstack.org CNAMES as there is nothing to serve any more ((https://storyboard.openstack.org/#!/story/2006598 task#37735)	00:34
openstackstatus	ianw: finished logging	00:34
openstackgerrit	Ian Wienand proposed opendev/system-config master: letsencrypt: Register email with accounts https://review.opendev.org/711133	00:52
openstackgerrit	Ian Wienand proposed opendev/system-config master: letsencrypt: add note on manual refresh of certificates https://review.opendev.org/711137	00:52
openstackgerrit	Ian Wienand proposed opendev/system-config master: ansible-lint : disable 503 https://review.opendev.org/711149	00:52
*** igordc has joined #openstack-infra		00:53
*** happyhemant has quit IRC		00:55
ianw	does anyone know if collect-container-logs is where we collect podman logs too?	00:56
ianw	oohhh, yes ok it is, i see	00:57
ianw	i think that podman-compose does not accurately report errors	00:58
clarkb	ianw: yup it iterates through podman and docker commands for grabbing container logs	01:08
clarkb	if the errors are compose side its probably the wrong layer to request logs for	01:09
clarkb	mordred: https://zuul.opendev.org/t/openstack/build/3efc22c4968b4767b07cae159ee4e318/log/applytest/puppetapplytest08.final.out.FAILED#121 I think it may not be the right parameter there?	01:10
clarkb	mordred: I think we want ensure => latest then something like revision => 'sha"	01:10
*** gyee has quit IRC		01:10
*** slaweq has joined #openstack-infra		01:11
openstackgerrit	Clark Boylan proposed opendev/puppet-lodgeit master: Allow pinning the lodgeit version https://review.opendev.org/711344	01:13
clarkb	mordred: ^ I think that may make it happy	01:13
*** slaweq has quit IRC		01:16
openstackgerrit	Ian Wienand proposed opendev/system-config master: letsencrypt: Register email with accounts https://review.opendev.org/711133	01:26
openstackgerrit	Ian Wienand proposed opendev/system-config master: letsencrypt: add note on manual refresh of certificates https://review.opendev.org/711137	01:26
openstackgerrit	Ian Wienand proposed opendev/system-config master: ansible-lint : disable 503 https://review.opendev.org/711149	01:26
openstackgerrit	Tristan Cacqueray proposed zuul/zuul master: Implement zookeeper-auth https://review.opendev.org/619156	01:31
*** lbragstad_ has joined #openstack-infra		01:34
openstackgerrit	Ian Wienand proposed opendev/system-config master: [wip] deploy nodepool-builder container https://review.opendev.org/710891	01:35
*** lbragstad has quit IRC		01:36
*** nhicher has quit IRC		01:38
*** nhicher has joined #openstack-infra		01:38
*** tkajinam has quit IRC		01:49
*** tkajinam has joined #openstack-infra		01:50
ianw	clarkb: is this expected? 2020-03-05 02:02:24.187543 \| localhost \| Provider: airship-kna1	02:04
clarkb	ianw: the cloud you mean? ya	02:06
clarkb	we carved out a small chunk of it for general use (to ensure things are generally working)	02:06
*** igordc has quit IRC		02:07
ianw	ahh, ok :)	02:08
*** slaweq has joined #openstack-infra		02:11
*** slaweq has quit IRC		02:16
*** Goneri has quit IRC		02:24
*** xinranwang has joined #openstack-infra		02:42
*** psachin has joined #openstack-infra		02:50
*** roman_g has quit IRC		02:53
*** raukadah is now known as chandankumar		03:02
*** lbragstad_ has quit IRC		03:09
*** slaweq has joined #openstack-infra		03:11
*** nicolasbock has joined #openstack-infra		03:12
*** slaweq has quit IRC		03:16
openstackgerrit	Ian Wienand proposed opendev/system-config master: [wip] deploy nodepool-builder container https://review.opendev.org/710891	03:34
*** larainema has joined #openstack-infra		03:44
*** apetrich has quit IRC		04:00
*** udesale has joined #openstack-infra		04:09
*** slaweq has joined #openstack-infra		04:11
*** slaweq has quit IRC		04:16
*** rlandy\|bbl is now known as rlandy		04:29
*** nicolasbock has quit IRC		04:30
*** rlandy has quit IRC		04:53
*** ykarel\|away is now known as ykarel		04:55
*** zxiiro has joined #openstack-infra		05:00
*** rkukura has quit IRC		05:06
*** rkukura has joined #openstack-infra		05:07
*** slaweq has joined #openstack-infra		05:11
openstackgerrit	Ian Wienand proposed opendev/system-config master: Collect docker logs as root https://review.opendev.org/710885	05:15
*** LiangFang has joined #openstack-infra		05:19
*** udesale has quit IRC		05:31
openstackgerrit	Ian Wienand proposed opendev/system-config master: [wip] deploy nodepool-builder container https://review.opendev.org/710891	05:32
*** evrardjp has quit IRC		05:35
*** evrardjp has joined #openstack-infra		05:35
LiangFang	hi, I want to create a repo under openstack namespace, like openstack/devstack-plugin-open-cas	05:38
*** slaweq has quit IRC		05:38
LiangFang	could anyone guide me how to create the repo? thanks	05:38
*** udesale has joined #openstack-infra		05:39
*** factor has quit IRC		05:47
*** factor has joined #openstack-infra		05:48
AJaeger	LiangFang: we have a manual for that, see https://docs.openstack.org/infra/manual/creators.html	06:02
AJaeger	infra-root, I cannot connect to zuul-ci.org, I get connection timeouts ;(	06:02
AJaeger	LiangFang: Not that for the openstack namespace, the repo needs to be part of an official team.	06:03
LiangFang	AJaeger: thanks	06:14
LiangFang	AJaeger: I still cannot find the method to create repo. This page shows how to choose the project name and how to add owner, something like that.	06:17
LiangFang	AJaeger: Could you please paste the words that shows how to create repo here? thanks	06:18
*** weshay\|ruck has quit IRC		06:36
*** weshay has joined #openstack-infra		06:36
*** weshay has quit IRC		06:40
*** weshay has joined #openstack-infra		06:40
*** otherwiseguy has quit IRC		06:41
*** otherwiseguy has joined #openstack-infra		06:42
*** threestrands has quit IRC		06:48
*** dannins has joined #openstack-infra		06:59
*** ccamacho has quit IRC		07:02
*** weshay has quit IRC		07:13
*** weshay_ has joined #openstack-infra		07:16
*** jcapitao_off has joined #openstack-infra		07:20
*** matt_kosut has quit IRC		07:21
*** jcapitao_off is now known as jcapitao		07:22
AJaeger	LiangFang: the whole document is a howto on how to create one using our tools and review process. To create one, you basically need to submit a review to gerrit and the document explains what to be aware of. There's no shortcut.	07:29
AJaeger	LiangFang: There's no single button to create a repo, it's a normal review step in gerrit	07:30
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: List other Contributor Guides https://review.opendev.org/711393	07:32
*** otherwiseguy has quit IRC		07:34
*** weshay_ has quit IRC		07:34
*** weshay_ has joined #openstack-infra		07:34
*** matt_kosut has joined #openstack-infra		07:35
*** xinranwang has quit IRC		07:35
*** otherwiseguy has joined #openstack-infra		07:35
*** ykarel is now known as ykarel\|lunch		07:35
*** matt_kosut has quit IRC		07:37
*** matt_kosut has joined #openstack-infra		07:37
*** weshay_ has quit IRC		07:39
*** haleyb\|away has quit IRC		07:39
*** otherwiseguy has quit IRC		07:40
openstackgerrit	Benedikt Löffler proposed zuul/zuul master: Fix override variables in zuul_return https://review.opendev.org/711002	07:43
*** tetsuro has joined #openstack-infra		07:44
*** happyhemant has joined #openstack-infra		07:50
*** tesseract has joined #openstack-infra		07:52
*** otherwiseguy has joined #openstack-infra		07:56
*** weshay_ has joined #openstack-infra		07:56
*** iurygregory has joined #openstack-infra		07:56
larainema	hi infra team, I have a question related the check pipline py27 job to py36 job, we have a project https://opendev.org/x/networking-zvm, we want to drop the py27 job and enable py36 job in check pipline, how I can do it? just change the .zuul.yaml? but i didn't find the origin py27 job in .zuul.yaml	07:57
AJaeger	larainema: https://opendev.org/openstack/project-config/src/branch/master/zuul.d/projects.yaml#L5850 is the job	07:59
AJaeger	larainema: Remove that entry and add the jobs in-tree instead.	07:59
larainema	thanks AJaeger, just to confirm, i should add the jobs in .zuul.yaml under networking-zvm repo or add it still in project-config	08:01
frickler	AJaeger: zuul-ci.org points to files02, which ianw shut down. is that domain still used for anything? we probably missed moving it to the new setup, then	08:04
LiangFang	AJaeger: thanks, in order to create a repo, which repo should I submit review agaist? openstack / project-config?	08:06
*** ccamacho has joined #openstack-infra		08:11
AJaeger	larainema: add the job in .zuul.yaml in your repo, and remove the jobs from project-config	08:12
AJaeger	frickler: isn't zuul-ci.org the central Zuul landing page?	08:13
larainema	thanks AJaeger	08:13
AJaeger	LiangFang: yes, that's the one	08:14
AJaeger	frickler: so, yes, we need to fix zuul-ci. Hope it's the only place broken.	08:14
LiangFang	AJaeger: thank you	08:15
AJaeger	frickler, ianw, is it just the wrong DNS entry for zuul-ci.org? Or is more needed?	08:15
*** harlowja has quit IRC		08:15
*** tkajinam has quit IRC		08:16
AJaeger	Seems only DNS entry wrong, if I add "23.253.245.150 zuul-ci.org" to /etc/hosts, I can connect to zuul-ci.org	08:17
AJaeger	ianw: what needs to be done to chane the DNS entry?	08:21
*** ralonsoh has joined #openstack-infra		08:22
*** weshay_ has quit IRC		08:24
*** weshay has joined #openstack-infra		08:25
*** jpena\|off is now known as jpena		08:26
*** ykarel\|lunch is now known as ykarel		08:32
openstackgerrit	Dong Ma proposed openstack/project-config master: Remove networking-zvm entry https://review.opendev.org/711399	08:33
openstackgerrit	Felix Edel proposed zuul/zuul master: Allow check runs to be configured as required status in pipeline config https://review.opendev.org/711241	08:34
*** pgaxatte has joined #openstack-infra		08:36
*** matt_kosut has quit IRC		08:44
*** amoralej\|off is now known as amoralej		08:45
openstackgerrit	Felix Edel proposed zuul/zuul master: Allow check runs to be configured as required status in pipeline config https://review.opendev.org/711241	08:45
*** rpittau\|afk is now known as rpittau		08:46
*** yamamoto has quit IRC		08:47
*** ysastri has joined #openstack-infra		08:47
*** dchen has quit IRC		08:48
*** hashar has joined #openstack-infra		08:49
*** hashar_ has joined #openstack-infra		08:50
ianw	AJaeger: oh doh, we can fix that. i think i have a change out	08:52
*** hashar__ has joined #openstack-infra		08:53
*** hashar has quit IRC		08:54
*** hashar_ has quit IRC		08:55
*** andreykurilin has quit IRC		08:56
openstackgerrit	Ian Wienand proposed opendev/zone-zuul-ci.org master: Use static.opendev.org https://review.opendev.org/711403	08:56
*** andreykurilin has joined #openstack-infra		08:56
*** matt_kosut has joined #openstack-infra		08:58
*** matt_kosut has quit IRC		08:59
*** matt_kos_ has joined #openstack-infra		08:59
*** verdurin has quit IRC		09:00
openstackgerrit	Merged opendev/zone-zuul-ci.org master: git.zuul-ci.org : point to static.opendev.org https://review.opendev.org/710142	09:02
AJaeger	thanks, ianw !	09:02
*** hashar__ is now known as hashar		09:03
*** yamamoto has joined #openstack-infra		09:03
*** yamamoto has quit IRC		09:04
*** matt_kos_ has quit IRC		09:04
*** yamamoto has joined #openstack-infra		09:04
frickler	ianw: reviewing your DNS fix I noticed that there is no rDNS for the new static server, is this also still pending as a review somewhere?	09:05
openstackgerrit	Merged opendev/zone-zuul-ci.org master: Use static.opendev.org https://review.opendev.org/711403	09:06
*** zxiiro has quit IRC		09:07
*** mwhahaha has quit IRC		09:07
*** gagehugo has quit IRC		09:07
*** Shrews has quit IRC		09:07
*** dayou has quit IRC		09:07
*** rosmaita has quit IRC		09:07
*** auristor has quit IRC		09:08
*** stevebaker has quit IRC		09:08
*** iokiwi has quit IRC		09:08
*** tinwood has quit IRC		09:08
*** irclogbot_0 has quit IRC		09:08
*** portdirect has quit IRC		09:08
*** StevenK has quit IRC		09:08
*** jaicaa has quit IRC		09:08
ianw	frickler: hrm, i might be able to do that via the rax interface	09:08
ianw	frickler: ok, added via the webui	09:10
frickler	ianw: cool, though to be 100% correct we'd maybe rather want static01 as hostname?	09:11
*** verdurin has joined #openstack-infra		09:12
ianw	sure, seems reasonable, updated	09:12
*** Lucas_Gray has joined #openstack-infra		09:13
*** matt_kosut has joined #openstack-infra		09:13
*** matt_kosut has quit IRC		09:18
openstackgerrit	Felix Edel proposed zuul/zuul master: Don't rely on report-build-page when building the buildset result url https://review.opendev.org/711406	09:19
openstackgerrit	Luigi Toscano proposed openstack/cookiecutter master: Fix links formatting for the contributing documentation https://review.opendev.org/711407	09:22
openstackgerrit	Ian Wienand proposed opendev/system-config master: [wip] deploy nodepool-builder container https://review.opendev.org/710891	09:23
*** apetrich has joined #openstack-infra		09:24
*** gfidente\|afk is now known as gfidente		09:25
*** tosky has joined #openstack-infra		09:25
ianw	AJaeger/frickler: i'm seeing zuulci / zuul-ci ok now, do you agree?	09:28
*** tetsuro has quit IRC		09:29
AJaeger	ianw: here as well - thanks	09:31
ianw	sorry about that ... i'm out for this evening, ttyl	09:32
AJaeger	ianw: enjoy!	09:34
*** sshnaidm\|afk is now known as sshnaidm		09:37
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: OpenDev Update for Creator's Guide https://review.opendev.org/711411	09:40
openstackgerrit	Andreas Jaeger proposed openstack/project-config master: Move diskimage-builder to #opendev https://review.opendev.org/711412	09:43
AJaeger	frickler: here's the one move you suggested, any others, best push yourself ^	09:43
*** zxiiro has joined #openstack-infra		09:43
*** mwhahaha has joined #openstack-infra		09:43
*** gagehugo has joined #openstack-infra		09:43
*** Shrews has joined #openstack-infra		09:43
*** dayou has joined #openstack-infra		09:43
*** rosmaita has joined #openstack-infra		09:43
*** auristor has joined #openstack-infra		09:43
*** stevebaker has joined #openstack-infra		09:43
*** iokiwi has joined #openstack-infra		09:43
*** tinwood has joined #openstack-infra		09:43
*** irclogbot_0 has joined #openstack-infra		09:43
*** portdirect has joined #openstack-infra		09:43
*** StevenK has joined #openstack-infra		09:43
*** jaicaa has joined #openstack-infra		09:43
*** openstackstatus has quit IRC		09:45
frickler	AJaeger: thanks, well we'll have to wait for the big cleanup to be merged first, I guess	09:59
openstackgerrit	Valentina Krasnobaeva proposed openstack/project-config master: Update jobs for networking-6wind https://review.opendev.org/711419	10:01
*** ociuhandu has joined #openstack-infra		10:03
AJaeger	frickler: or make it a followup to 106	10:05
*** roman_g has joined #openstack-infra		10:10
*** ociuhandu has quit IRC		10:13
*** derekh has joined #openstack-infra		10:13
*** Lucas_Gray has quit IRC		10:14
*** Lucas_Gray has joined #openstack-infra		10:15
*** jcapitao has quit IRC		10:20
*** jcapitao has joined #openstack-infra		10:21
*** psachin has quit IRC		10:23
*** dtantsur\|afk is now known as dtantsur		10:24
*** gshippey has joined #openstack-infra		10:24
*** jcapitao has quit IRC		10:32
*** jcapitao has joined #openstack-infra		10:33
*** ociuhandu has joined #openstack-infra		10:33
*** ociuhandu has quit IRC		10:38
*** hashar has quit IRC		10:38
brtknr	Hi all, is there a way to access GPU enabled VMs via Zuu?	10:47
brtknr	Hi all, is there a way to access GPU enabled VMs via Zuul?	10:47
*** jaicaa has quit IRC		10:48
*** udesale has quit IRC		10:49
*** Lucas_Gray has quit IRC		10:49
*** Lucas_Gray has joined #openstack-infra		10:51
*** jaicaa has joined #openstack-infra		10:51
*** matt_kosut has joined #openstack-infra		10:54
*** Lucas_Gray has quit IRC		10:58
*** Lucas_Gray has joined #openstack-infra		10:58
openstackgerrit	Sorin Sbarnea proposed zuul/zuul-jobs master: Tests bindep role on all-platforms https://review.opendev.org/708704	11:00
*** Lucas_Gray has quit IRC		11:06
*** ysastri has quit IRC		11:09
openstackgerrit	Sorin Sbarnea proposed zuul/zuul-jobs master: Improve ensure-tox role https://review.opendev.org/708642	11:13
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed opendev/lodgeit master: Removes unnecessary utf-8 encoding https://review.opendev.org/418748	11:17
openstackgerrit	Sorin Sbarnea proposed opendev/gear master: tox: enable extra python versions https://review.opendev.org/703418	11:18
*** slaweq has joined #openstack-infra		11:18
*** ociuhandu has joined #openstack-infra		11:20
*** rpittau is now known as rpittau\|bbl		11:27
*** Lucas_Gray has joined #openstack-infra		11:27
*** tesseract-RH has joined #openstack-infra		11:40
*** tesseract has quit IRC		11:43
*** nicolasbock has joined #openstack-infra		11:47
*** ociuhandu has quit IRC		11:47
*** zxiiro has quit IRC		11:48
*** ociuhandu has joined #openstack-infra		11:48
*** ijw_ has quit IRC		11:54
*** jcapitao is now known as jcapitao_lunch		11:54
*** ijw has joined #openstack-infra		11:55
*** rlandy has joined #openstack-infra		12:02
*** tetsuro has joined #openstack-infra		12:03
mgoddard	I think ansible 2.9.6 has broken openstack modules	12:05
mgoddard	Seeing this sort of thing everywhere:	12:05
mgoddard	https://b317bafa0db642d61e9b-babe6b68bec526aecbe80deed799da2b.ssl.cf2.rackcdn.com/711295/3/check/kolla-ansible-centos-source/b02cb5e/primary/logs/ansible/deploy	12:05
mgoddard	(also on py3)	12:05
*** tetsuro has quit IRC		12:06
*** amoralej is now known as amoralej\|lunch		12:06
openstackgerrit	Benedikt Löffler proposed zuul/zuul master: Fix override variables in zuul_return https://review.opendev.org/711002	12:07
*** jpena is now known as jpena\|lunch		12:09
*** dpawlik has quit IRC		12:14
*** dpawlik has joined #openstack-infra		12:15
*** slaweq has quit IRC		12:18
*** jcapitao_lunch has quit IRC		12:19
*** jcapitao_lunch has joined #openstack-infra		12:21
*** dpawlik has quit IRC		12:22
*** dpawlik has joined #openstack-infra		12:36
*** rkukura has quit IRC		12:45
*** rkukura has joined #openstack-infra		12:46
openstackgerrit	Eric Fried proposed opendev/gerritbot master: Refactor ChannelConfig with channels_for https://review.opendev.org/545469	12:51
openstackgerrit	Benedikt Löffler proposed zuul/zuul master: Fix override variables in zuul_return https://review.opendev.org/711002	12:51
*** Lucas_Gray has quit IRC		12:55
openstackgerrit	Benedikt Löffler proposed zuul/zuul master: Fix override variables in zuul_return https://review.opendev.org/711002	12:56
*** ociuhandu has quit IRC		13:01
*** ahosam has joined #openstack-infra		13:01
*** yamamoto has quit IRC		13:03
*** dave-mccowan has joined #openstack-infra		13:10
*** rh-jelabarre has joined #openstack-infra		13:13
*** udesale has joined #openstack-infra		13:14
*** jcapitao_lunch is now known as jcapitao		13:15
*** jamesmcarthur has joined #openstack-infra		13:20
*** rh-jelabarre has quit IRC		13:21
*** rh-jelabarre has joined #openstack-infra		13:21
*** takamatsu has joined #openstack-infra		13:22
*** hashar has joined #openstack-infra		13:22
*** ociuhandu has joined #openstack-infra		13:28
*** matt_kosut has quit IRC		13:31
*** ociuhandu has quit IRC		13:31
*** ociuhandu has joined #openstack-infra		13:31
*** matt_kosut has joined #openstack-infra		13:34
*** jamesmcarthur has quit IRC		13:38
*** matt_kosut has quit IRC		13:39
*** jamesmcarthur has joined #openstack-infra		13:40
*** yamamoto has joined #openstack-infra		13:40
*** cgoncalves has quit IRC		13:41
*** cgoncalves has joined #openstack-infra		13:45
*** jamesmcarthur has quit IRC		13:45
*** rpittau\|bbl is now known as rpittau		13:45
*** jcoufal has joined #openstack-infra		13:54
*** jcoufal has quit IRC		13:54
*** yamamoto has quit IRC		13:55
*** jcoufal has joined #openstack-infra		13:55
*** yamamoto has joined #openstack-infra		13:57
*** yamamoto has quit IRC		14:05
*** yamamoto has joined #openstack-infra		14:05
*** yamamoto has quit IRC		14:05
*** jamesmcarthur has joined #openstack-infra		14:09
*** lbragstad has joined #openstack-infra		14:13
*** auristor has quit IRC		14:14
*** jamesmcarthur has quit IRC		14:15
*** matt_kosut has joined #openstack-infra		14:17
*** auristor has joined #openstack-infra		14:18
*** matt_kosut has quit IRC		14:22
*** ykarel is now known as ykarel\|away		14:27
*** jpena\|lunch is now known as jpena		14:29
*** amoralej\|lunch is now known as amoralej		14:31
*** Goneri has joined #openstack-infra		14:31
*** hashar has quit IRC		14:32
*** hashar has joined #openstack-infra		14:32
*** ociuhandu has quit IRC		14:33
*** ociuhandu has joined #openstack-infra		14:33
*** haleyb has joined #openstack-infra		14:35
openstackgerrit	Valentina Krasnobaeva proposed openstack/project-config master: zuul.d/projects.yaml: remove x/networking-6wind entry https://review.opendev.org/711419	14:35
*** jamesmcarthur has joined #openstack-infra		14:35
openstackgerrit	Valentina Krasnobaeva proposed openstack/project-config master: zuul.d/projects.yaml: remove x/networking-6wind entry https://review.opendev.org/711419	14:35
*** ociuhandu has quit IRC		14:38
*** ahosam has quit IRC		14:38
*** cgoncalves has quit IRC		14:39
*** cgoncalves has joined #openstack-infra		14:40
*** jamesmcarthur has quit IRC		14:41
*** jcapitao has quit IRC		14:42
*** jamesmcarthur has joined #openstack-infra		14:42
*** jcapitao has joined #openstack-infra		14:44
*** haleyb is now known as haleyb\|away		14:50
*** jamesmcarthur has quit IRC		14:58
openstackgerrit	Monty Taylor proposed openstack/project-config master: Run openstacksdk functional jobs on ansible 2.8 and 2.9 https://review.opendev.org/711474	14:58
*** jamesmcarthur has joined #openstack-infra		14:58
corvus	brtknr: i don't believe any of our current nodesets have gpus; out of curiosity, what do you need them for?	15:03
*** ociuhandu has joined #openstack-infra		15:07
*** gfidente has quit IRC		15:08
AJaeger	infra-root, could you review some of the Infra Manual changes for OpenDev, please? https://review.opendev.org/#/q/project:openstack/infra-manual+is:open	15:09
mordred	corvus, brtknr: I agree, I do not believe we have any - but I think at least vexxhost has that ability and I seem to remember that mnaser has provided some nodes to another project?	15:11
*** hashar has quit IRC		15:16
fungi	mnaser did ask at one point if we wanted some gpu flavors to try stuff out	15:16
fungi	no idea if that offer still stands	15:16
AJaeger	thanks, corvus !	15:17
AJaeger	I think we got to nodes from mnaser , looking at project-config/nodepool	15:18
AJaeger	to -> two nodes	15:18
*** jaosorior has quit IRC		15:20
*** ramishra has quit IRC		15:21
openstackgerrit	Merged openstack/infra-manual master: Move CLA section to contributor guide https://review.opendev.org/711286	15:22
openstackgerrit	Merged openstack/infra-manual master: opendev: Update index page https://review.opendev.org/711302	15:22
openstackgerrit	Merged openstack/infra-manual master: Cleanup Gerrit Approval event note https://review.opendev.org/711303	15:22
*** ramishra has joined #openstack-infra		15:23
openstackgerrit	Merged openstack/infra-manual master: Update core.rst for two +2 policy https://review.opendev.org/711329	15:23
openstackgerrit	Merged openstack/infra-manual master: opendev: Update irc.rst https://review.opendev.org/711306	15:23
mnaser	We can provide them but they are very limited.	15:23
*** jamesmcarthur has quit IRC		15:23
mnaser	They’re super pricey :)	15:23
openstackgerrit	Merged openstack/infra-manual master: Remove python manual page https://review.opendev.org/711308	15:24
openstackgerrit	Merged openstack/infra-manual master: Update sandbox for OpenDev https://review.opendev.org/711312	15:24
openstackgerrit	Merged openstack/infra-manual master: Update testing for OpenDev https://review.opendev.org/711313	15:24
openstackgerrit	Merged openstack/infra-manual master: Improve job naming convention docs https://review.opendev.org/711321	15:24
openstackgerrit	Merged openstack/infra-manual master: Point to Zuul docs for configuring jobs https://review.opendev.org/711325	15:24
openstackgerrit	Merged openstack/infra-manual master: Update python files for OpenDev https://review.opendev.org/711323	15:24
corvus	AJaeger: mostly +3s and 2 -1s :)	15:24
AJaeger	both helps ;)	15:26
fungi	mnaser: yeah, we haven't previously had anyone ask for gpu nodes either, so it doesn't seem particularly in demand for opendev	15:26
corvus	clarkb, mordred: topic:container-requires is ready when you have a minute -- i've rerun the tests after the base-jobs change merged and they're all clear (we can ignore the storyboard unit test failure)	15:26
AJaeger	thanks, corvus	15:26
*** jamesmcarthur has joined #openstack-infra		15:27
*** jamesmcarthur has quit IRC		15:36
openstackgerrit	James E. Blair proposed openstack/project-config master: Run openstacksdk functional jobs on ansible 2.8 and 2.9 https://review.opendev.org/711474	15:37
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Rework README.rst for OpenDev https://review.opendev.org/711324	15:37
corvus	mordred: ^ you spelled "openstacksdk" as "shade" :)	15:37
mordred	corvus: haha	15:38
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: OpenDev Update for Creator's Guide https://review.opendev.org/711411	15:38
AJaeger	corvus: great feedback, I pushed updates	15:39
corvus	logan-: the limestone mirror, 25c4df93-bcf5-460c-948a-bb66bb4b177b has been in reboot state for ~24 hours -- should we rebuild the server?	15:40
corvus	infra-root: ^ fyi	15:40
frickler	corvus: do we have any other contact for limestone? otherwise I'd agree we should simply rebuild it	15:42
corvus	AJaeger: lgtm!	15:42
AJaeger	thanks	15:42
mordred	corvus: in https://review.opendev.org/#/c/710116/2/.zuul.yaml ...	15:43
corvus	frickler: i'm unaware of other contacts	15:43
mordred	zuul is in the zuul tenant, but the python-base and python-builder images are built in the openstack tenant - will those requires ever be meanigful?	15:44
corvus	mordred: nope, but i'd like to leave them there anyway	15:44
mordred	kk	15:44
corvus	they don't hurt, and they're future-compatible with anything we might do to change that	15:44
corvus	mordred: if you want, we can add a comment saying they are currently noops	15:45
*** jamesmcarthur has joined #openstack-infra		15:45
*** jamesmcarthur has quit IRC		15:45
mordred	nah - mostly just double-checking my understanding	15:45
*** jamesmcarthur has joined #openstack-infra		15:45
corvus	k	15:45
*** ramishra has quit IRC		15:48
openstackgerrit	Felix Edel proposed zuul/zuul master: Provide some documentation for the checks API implementation https://review.opendev.org/711493	15:55
*** ociuhandu has quit IRC		15:55
*** jcapitao is now known as jcapitao_afk		15:56
*** ociuhandu has joined #openstack-infra		15:57
openstackgerrit	Felix Edel proposed zuul/zuul master: Make github file annotation levels configurable via zuul return https://review.opendev.org/711179	15:58
*** ociuhandu has quit IRC		16:02
*** ociuhandu has joined #openstack-infra		16:02
openstackgerrit	Merged openstack/infra-manual master: OpenDev Update for Creator's Guide https://review.opendev.org/711411	16:06
openstackgerrit	Merged openstack/infra-manual master: Rework README.rst for OpenDev https://review.opendev.org/711324	16:06
openstackgerrit	Merged openstack/infra-manual master: List other Contributor Guides https://review.opendev.org/711393	16:06
fungi	i need to go run some post-travel lunch errands but hope to start catching up this afternoon... bbiaw	16:07
*** jcapitao_afk is now known as jcapitao		16:10
*** mattw4 has joined #openstack-infra		16:11
*** jcapitao has quit IRC		16:12
openstackgerrit	Felix Edel proposed zuul/zuul master: Dequeue changes via github checks API https://review.opendev.org/709135	16:16
*** jcapitao has joined #openstack-infra		16:18
mordred	corvus: would you learn me something real quick?	16:18
*** gyee has joined #openstack-infra		16:18
mordred	corvus: in zuul/zuul - there is no explicit mention of opendev-buildset-registry - that's because build-image is, itself, a buildset-registry right?	16:18
mordred	corvus: but in system-config, we have an explicit opendev-buildset-registry job and dependencies on opendev-buildset-registry	16:19
*** KeithMnemonic1 has joined #openstack-infra		16:19
mordred	I think I'm still on first coffee - but my brain is refusing to tell me why one vs the other approach should be used	16:20
corvus	mordred: if 2 or more jobs in a project require a buildset registry, use an explicit registry job	16:21
corvus	(that way they all share a registry)	16:22
*** Lucas_Gray has joined #openstack-infra		16:23
*** KeithMnemonic has quit IRC		16:23
*** eharney has quit IRC		16:25
mordred	corvus: nod. so in zuul/zuul's case the only job we have using the registry is the quick-start	16:26
AJaeger	clarkb: all changes for the infra manual are merged thanks to corvus and mordred, check https://docs.openstack.org/infra/manual/ for current update.	16:27
corvus	mordred: yep	16:28
mordred	corvus: nod	16:28
corvus	mordred: it's probably not required -- i think we could have each job in system-config run its own registry and be fine. just seemed easier to think about.	16:28
mordred	corvus: I updated remote: https://review.opendev.org/711246 Build utility image for using osc with the new specific provides/requires stuff - look ok to you?	16:29
*** jcoufal has quit IRC		16:29
*** pgaxatte has quit IRC		16:31
*** ramishra has joined #openstack-infra		16:33
*** aedc_ has joined #openstack-infra		16:34
clarkb	AJaeger: mordred corvus thank you! bit of a dlow start today but almost ready to dig into the job deps/requires stuff	16:36
*** aedc has quit IRC		16:36
*** zxiiro has joined #openstack-infra		16:39
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update "Outbound Third-Party Testing" for OpenDev https://review.opendev.org/711508	16:41
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update "Outbound Third-Party Testing" for OpenDev https://review.opendev.org/711508	16:42
*** udesale has quit IRC		16:44
corvus	mordred: lgtm!	16:45
mordred	corvus: cool!	16:45
*** ccamacho has quit IRC		16:48
*** aedc_ has quit IRC		16:49
*** aedc_ has joined #openstack-infra		16:51
clarkb	corvus: I've approved all but https://review.opendev.org/#/c/710117/1 which needs its depends on to land first. I'm going to find breakfast but if those other changes land more quickly feel free to approve. I'll try to get it otherwise	16:52
*** matt_kosut has joined #openstack-infra		16:52
corvus	clarkb: thanks, i can take care of the +W	16:52
*** ociuhandu_ has joined #openstack-infra		16:54
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update "Code Review" for OpenDev https://review.opendev.org/711514	16:54
*** rcernin has quit IRC		16:55
*** aedc_ has quit IRC		16:56
*** ociuhandu has quit IRC		16:58
*** ociuhandu_ has quit IRC		16:59
*** tesseract-RH has quit IRC		17:01
clarkb	mnaser: AJaeger brtknr mordred to be clear we still have the vexxhost gpu flavors enabled in nodepool	17:09
clarkb	corvus: can you rereview https://review.opendev.org/#/c/711344/ now that it passes testing (to get the lodgeit stuff moving)	17:10
*** jackedin has joined #openstack-infra		17:10
clarkb	corvus: https://review.opendev.org/#/c/711345/2 too	17:10
openstackgerrit	Clark Boylan proposed opendev/puppet-httpd master: Define params::ssl_path for vhost::proxy https://review.opendev.org/711365	17:14
openstackgerrit	Clark Boylan proposed opendev/puppet-httpd master: Fix leading :: on class includes to make linter happy https://review.opendev.org/711517	17:14
corvus	clarkb: +3. i'm still unclear about whether we should be careless or careful approving changes, but i'll just follow mordred's lead on that ;)	17:16
mordred	corvus: I think we should be lessful	17:17
clarkb	corvus: we can let zuul be careful then we can be careless	17:17
mordred	clarkb: ++	17:17
clarkb	https://review.opendev.org/711365 and https://review.opendev.org/711517 are related as I discovered an error in the server's puppet logs when looking at this yesterday	17:17
openstackgerrit	Merged opendev/storyboard master: Use explicit provides/requires for container jobs https://review.opendev.org/710113	17:17
*** matt_kosut has quit IRC		17:18
*** jamesmcarthur_ has joined #openstack-infra		17:21
*** igordc has joined #openstack-infra		17:22
*** jamesmcarthur has quit IRC		17:24
*** matt_kosut has joined #openstack-infra		17:25
*** rpittau is now known as rpittau\|afk		17:25
*** jackedin has quit IRC		17:30
clarkb	mordred: corvus https://review.opendev.org/#/c/710885/ is related to testing with containers in system-cofnig land. I think both ianw and i have run into separate issues there	17:31
clarkb	but I think that change addresses those issues if you have a chance to look at it	17:31
clarkb	In other news we expect the airship citycloud kna region to be more reliable ~tomorrow	17:31
clarkb	apparently they had pulled hypervisors out for hardware issues and that was causing the scheduling erorrs	17:31
*** eharney has joined #openstack-infra		17:31
clarkb	if it doesn't get better in the near future the frankfurt region has been suggested as an alternative option	17:32
*** ociuhandu has joined #openstack-infra		17:32
*** evrardjp has quit IRC		17:35
*** evrardjp has joined #openstack-infra		17:35
*** ociuhandu has quit IRC		17:36
fungi	and if we need to send some folks to frankfurt, say around oktoberfest, i'm happy to volunteer	17:39
*** dtantsur is now known as dtantsur\|afk		17:40
openstackgerrit	Merged zuul/nodepool master: Use explicit provides/requires for container jobs https://review.opendev.org/710115	17:46
openstackgerrit	James E. Blair proposed ttygroup/gertty master: Fix error in message refresh https://review.opendev.org/711523	17:49
openstackgerrit	Merged opendev/system-config master: Use explicit provides/requires for container jobs https://review.opendev.org/710106	17:50
openstackgerrit	Merged opendev/puppet-lodgeit master: Allow pinning the lodgeit version https://review.opendev.org/711344	17:50
openstackgerrit	Merged opendev/system-config master: Pin lodgeit to the current version https://review.opendev.org/711345	17:50
*** derekh has quit IRC		18:00
mordred	woot	18:01
mordred	clarkb: https://review.opendev.org/#/c/684783/ should be safe to revie wnow	18:03
corvus	would it be a good idea to make all pastes private?	18:08
*** matt_kosut has quit IRC		18:08
clarkb	corvus: you mean using the randomized url pattern?	18:09
corvus	yep	18:09
clarkb	that may help deter the spammers, I would not be opposed	18:09
corvus	well, i dunno if it would or not, but i mostly don't see the value in being able to see pastes by guessing urls	18:09
*** jcapitao is now known as jcapitao_off		18:10
fungi	the main thing that does is get rid of folks enumerating paste index numbers to find what's in them	18:10
*** jamesmcarthur_ has quit IRC		18:10
fungi	i don't know that it does anything to deter spammers putting things in pastes	18:10
fungi	we set robots.txt to tell search engines not to index anything there anyway	18:10
openstackgerrit	Merged opendev/lodgeit master: Update URLs from openstack.org to opendev.org https://review.opendev.org/666475	18:10
corvus	right. my thought is it might save someone embarassment some day	18:11
fungi	yeah, for the record, i'm cool with it	18:11
*** slaweq has joined #openstack-infra		18:11
fungi	just saying i don't think it's a spam mitigation mechanism	18:12
openstackgerrit	Merged opendev/system-config master: Collect docker logs as root https://review.opendev.org/710885	18:12
fungi	(it certainly has other useful properties, such as pastes becoming private until you share their urls)	18:12
*** kaisers1 has quit IRC		18:15
*** jcapitao_off has quit IRC		18:15
*** chandankumar is now known as raukadah		18:18
*** ccamacho has joined #openstack-infra		18:20
*** Goneri has quit IRC		18:23
logan-	o/ noticed the limestone mirror had some issues yesterday. i'll look into that sometime before eow, but initially it looks like the compute node hosting the mirror is down. will update once I have a better idea of what the status is with it.	18:26
*** jpena is now known as jpena\|off		18:26
*** Goneri has joined #openstack-infra		18:27
clarkb	mordred: I believe https://review.opendev.org/#/c/684783/8/scripts/lodgeit.py has a bug in it. Details all in the change	18:28
*** kaisers has joined #openstack-infra		18:31
*** mattw4 has quit IRC		18:32
fungi	thanks for taking a look logan-!	18:32
*** mattw4 has joined #openstack-infra		18:32
*** Lucas_Gray has quit IRC		18:34
*** eharney has quit IRC		18:34
*** amoralej is now known as amoralej\|off		18:35
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Shrink "Peer Review" section https://review.opendev.org/711530	18:36
AJaeger	this is now a very brief "Peer Review" section, please do a peer review ^	18:37
*** mattw4 has quit IRC		18:37
AJaeger	config-core, two repos need their py27 jobs removed: https://review.opendev.org/711419 and https://review.opendev.org/711399 . Please review	18:38
*** mattw4 has joined #openstack-infra		18:38
*** diablo_rojo has quit IRC		18:40
*** diablo_rojo has joined #openstack-infra		18:42
*** hashar has joined #openstack-infra		18:46
*** slaweq has quit IRC		18:47
openstackgerrit	Merged openstack/project-config master: zuul.d/projects.yaml: remove x/networking-6wind entry https://review.opendev.org/711419	18:49
clarkb	mordred: have a moment for https://review.opendev.org/#/c/711365/2 and its parent (related to lodgeit puppet)	18:50
openstackgerrit	Merged openstack/project-config master: Remove networking-zvm entry https://review.opendev.org/711399	18:51
mordred	clarkb: ffs. I'm pretty sure we put :: on the front of those a while back to make a linter happy	18:52
clarkb	mordred: I think it was requiredin puppet 3 but then puppet 4 unrequired it. Then the linters in their infinite wisdom felt that meant you must now change it all again	18:53
clarkb	rather than "yay puppet made our lives easier cool" and leaving it at that	18:53
fungi	i think this just reminds us we're past due to rip out puppet	18:53
clarkb	gmann: I keep meaning to respond to your question about who should maintain e-r	18:54
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Remove "Eligibility to Vote in Elections" section https://review.opendev.org/711532	18:55
clarkb	gmann: I think e-r is an excellent tool and it would be great to make it a bit more generic (basically split out the input queries into config and not in the main repo and probably stuff in the UI) so that more than just openstack can feel like they can use it	18:55
clarkb	gmann: I know I don't really have time for that right now with all the other opendev stuff happening, but if that is something the qa team t hinks would also be useful I'd be happy to have them be more involved	18:55
*** gshippey has quit IRC		18:55
AJaeger	clarkb: IMHO now comes the tricky part with the infra manual, I'm therefore tackling section by section as you might have noticed...	18:57
*** ralonsoh has quit IRC		18:57
openstackgerrit	Merged openstack/infra-manual master: Shrink "Peer Review" section https://review.opendev.org/711530	18:58
AJaeger	clarkb: there're some parts I'm not sure about yet as well ;)	18:58
clarkb	AJaeger: ya I think we can take our time with the tricky parts and review them and make sure they make sense	18:59
AJaeger	clarkb: indeed. I'll think I'll take now an "easy" iteration next...	19:00
gmann	clarkb: yeah that is what I assumed. it is good to make it generic and moving openstack queries under separate config. I think it can be moved to opendev as it is and start improving. or you think we need to make it generic first from opendev point of view ?	19:00
clarkb	gmann: I don't think we have to make it generic first. I'm mostly just concerned wtih having an agreed upon plan is we are going to recruit new contributors	19:00
clarkb	(that way everyone agrees on some high level goals)	19:01
gmann	ok	19:02
clarkb	gmann: I think the top priority outside of simply maintaining the queries is to split the query set off into a config file/dir/repo	19:02
*** larainema has quit IRC		19:03
clarkb	we've also got a bug where it OOMs itself if the query result is too large so throttling that somehow would be good	19:03
clarkb	and then maybe update the UI to be multi tenant	19:03
clarkb	(so we don't have to run multiple UI instances)	19:03
*** harlowja has joined #openstack-infra		19:04
mordred	I think I have a shwarma deficiency that needs to be fixed	19:05
clarkb	I didn't realize I had a shwarma deficiency until just now	19:05
clarkb	which has quickly become a tacos al pastor deficiency	19:06
AJaeger	I'm sure I have a shwarma deficiency - since I never heard about that word before ;)	19:06
clarkb	AJaeger: Doner kebab is a derivative iirc	19:07
clarkb	(as is tacos al pastor)	19:07
AJaeger	clarkb: you mean Shawarma? Or is that now written shwarma?	19:07
mordred	yes. I just can't spell	19:07
mordred	https://en.wikipedia.org/wiki/Shawarma	19:07
AJaeger	all good, thanks ;)	19:08
*** jaosorior has joined #openstack-infra		19:08
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update Driver's Guide for OpenDev https://review.opendev.org/711534	19:19
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update Developer's Guide for OpenDev https://review.opendev.org/711536	19:32
AJaeger	clarkb, infra-root, enough infra-manual for me for today. Reviews or followup work welcome as usual ;)	19:32
openstackgerrit	Merged opendev/puppet-httpd master: Fix leading :: on class includes to make linter happy https://review.opendev.org/711517	19:37
openstackgerrit	Merged opendev/puppet-httpd master: Define params::ssl_path for vhost::proxy https://review.opendev.org/711365	19:37
*** ijw has quit IRC		19:37
*** eharney has joined #openstack-infra		19:48
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update Developer's Guide for OpenDev https://review.opendev.org/711536	19:49
clarkb	I settled for breakfast tacos as I had that at home	19:54
mordred	clarkb: not the ones that were sitting under the couch I hope	19:55
clarkb	mordred: no eggs and sausage were cooked	19:56
mordred	mmm	19:56
mordred	I went to Shawarma on the Go - which is located in a gas station - and is brilliant	19:56
clarkb	mordred: did you see then ote on the lodgeit python3 change? I want to make sure I'm not wrong there and maybe we can just update the change?	19:56
mordred	clarkb: I thnik you are right - and I also think it's ok it's just a utility not part of the code ... but we could also just update it like you mention	20:02
mordred	(I mean it's ok if we wanted to just do a followup)	20:03
clarkb	oh I see	20:04
clarkb	ya if its not part of the webserving I can go ahead and approve then push a followup	20:04
clarkb	ah its the pasting script so ya	20:05
clarkb	mordred: I went ahead and approved. Working on a followup now	20:06
mordred	cool. good catch on that	20:08
*** matt_kosut has joined #openstack-infra		20:09
*** ociuhandu has joined #openstack-infra		20:09
openstackgerrit	Clark Boylan proposed opendev/lodgeit master: Fix sort comparison function https://review.opendev.org/711544	20:10
clarkb	mordred: ^ there	20:10
mordred	+2	20:10
*** ijw has joined #openstack-infra		20:11
openstackgerrit	Merged opendev/lodgeit master: Fix python3 compatibility issue https://review.opendev.org/684783	20:12
*** matt_kosut has quit IRC		20:13
*** ociuhandu has quit IRC		20:25
openstackgerrit	Merged zuul/zuul master: Don't rely on report-build-page when building the buildset result url https://review.opendev.org/711406	20:28
openstackgerrit	Merged zuul/zuul master: Use explicit provides/requires for container jobs https://review.opendev.org/710116	20:28
*** ociuhandu has joined #openstack-infra		20:28
clarkb	AJaeger: left a couple of notes on https://review.opendev.org/#/c/711536/2 for tomorrow	20:30
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Update Developer's Guide for OpenDev https://review.opendev.org/711536	20:32
AJaeger	clarkb: thanks, updated	20:32
clarkb	I'll do a followup for the draft disablement	20:34
AJaeger	cool	20:34
openstackgerrit	Clark Boylan proposed openstack/infra-manual master: Document why drafts are disabled https://review.opendev.org/711550	20:36
*** trident has quit IRC		20:37
clarkb	that might be overly verbose	20:37
*** ociuhandu has quit IRC		20:37
*** ociuhandu has joined #openstack-infra		20:38
AJaeger	clarkb: let me do a small edit...	20:39
openstackgerrit	Andreas Jaeger proposed openstack/infra-manual master: Document why drafts are disabled https://review.opendev.org/711550	20:42
clarkb	wfm	20:43
*** ociuhandu has quit IRC		20:43
*** trident has joined #openstack-infra		20:47
*** hashar has quit IRC		20:48
*** sshnaidm is now known as sshnaidm\|afk		20:48
*** slaweq has joined #openstack-infra		20:48
*** rcernin has joined #openstack-infra		20:53
*** cgoncalves has quit IRC		20:53
AJaeger	team, we broke the upstream-translation-update job, see http://zuul.opendev.org/t/openstack/builds?job_name=upstream-translation-update	20:56
AJaeger	"The task includes an option with an undefined variable. The error was: 'afs' is undefined	20:56
*** cgoncalves has joined #openstack-infra		20:56
AJaeger	could somebody look into that, please? I guess its a fallout from the static.o.o cleanups...	20:57
clarkb	whats the need for afs in translation jobs?	20:57
clarkb	I'll look	20:57
AJaeger	clarkb: we upload the files to tarballs.o.o, maybe we forgot about that?	20:57
clarkb	ah that could be	20:58
*** jamesmcarthur has joined #openstack-infra		20:59
AJaeger	playbooks/publish/openstack-artifacts.yaml is a post-run playbook, guess that fails	20:59
AJaeger	sorry, have to leave now... thanks, clarkb	20:59
AJaeger	broken between 12th and 18th of February, according to http://zuul.opendev.org/t/openstack/builds?job_name=upstream-translation-update&project=openstack%2Fkeystone	21:01
clarkb	AJaeger: https://review.opendev.org/#/c/706734/2/zuul.d/jobs.yaml that change	21:03
clarkb	now that we know why it broke we can add back in the necessary secret I'll try to figure that out	21:03
corvus	ftr, i'm looking into this too, but it's complicated, so i think it's good for both clarkb and i to dig into it	21:03
AJaeger	clarkb: that merged on the 20th, but keystone failed already on the 18th	21:04
AJaeger	thanks, corvus	21:04
*** nicolasbock has quit IRC		21:05
clarkb	https://opendev.org/openstack/project-config/src/branch/master/playbooks/publish/openstack-artifacts.yaml#L12 is where that role is trying to write to	21:06
clarkb	but https://tarballs.opendev.org/openstack/translation-source/ is where we want to write to	21:06
corvus	clarkb: i think it's the cerate afs token above that which is failing	21:06
clarkb	corvus: ya, I'm just noting that if we fix that we'll start doing the wrong thing	21:07
corvus	oh	21:07
corvus	where should they go?	21:07
*** xek_ has quit IRC		21:07
corvus	oh nm, i just missed your second msg	21:07
clarkb	corvus: they go in https://tarballs.opendev.org/openstack/translation-source/$PROJECT_NAME	21:07
clarkb	I think we can address that with a different playbook for translations	21:08
clarkb	let me try mock some of this up (annd I'm sure it will need modification)	21:08
openstackgerrit	Andreas Jaeger proposed openstack/project-config master: Fix openstack-manuals sync https://review.opendev.org/711554	21:08
*** cgoncalves has quit IRC		21:10
openstackgerrit	Clark Boylan proposed openstack/project-config master: Fix afs publishing of translation sources https://review.opendev.org/711555	21:11
clarkb	AJaeger: corvus ^ I don't know that that is complete or correct but is what I've found so fafr	21:11
*** cgoncalves has joined #openstack-infra		21:11
AJaeger	clarkb: https://review.opendev.org/#/c/706733/ is the change that introduced it and broke it, so same file...	21:12
corvus	clarkb: i think that would work -- it's worth a check of the other playbooks in that job to make sure that they're safe for the afs secret, but they already have the zanata secret, so hopefully so	21:13
corvus	clarkb: i also left a comment	21:14
clarkb	corvus: ya and that job used an afs secret before so should be ok I think, will skim	21:14
corvus	clarkb: i don't think it used any other secret before; it relied on the fileserver ssh key secret in its parent	21:15
AJaeger	clarkb: thanks, nearly perfect ;)	21:15
clarkb	corvus: oh sorry it used the fileserver secreet https://review.opendev.org/#/c/706734/2/zuul.d/jobs.yaml	21:16
clarkb	corvus: that was ssh not afs	21:16
*** jamesmcarthur has quit IRC		21:16
corvus	clarkb: yep, sorry, you're right it did use a secret, and it was the ssh key	21:16
corvus	so this is pretty close to the same approach we had before, we're just doing the path change by forking the playbook rather than trying to have a variable for both	21:16
corvus	clarkb: i've skimmed the playbooks, and i don't see anything jump out at me	21:17
*** jamesmcarthur has joined #openstack-infra		21:18
corvus	clarkb: so i think if you take care of the 2 comments, that change is gtg	21:18
clarkb	corvus: ya seems to install tools that it needs (sphinx babel and our local scripts for interacting with zanta), then runs the zanata interaction, fetches the translations to the executor then copies to tarballs	21:18
*** exsdev0 has joined #openstack-infra		21:18
corvus	yep. the zanata script is controlled, and we're not running a sphinx build or anything	21:18
*** rcernin has quit IRC		21:18
*** eharney has quit IRC		21:18
*** dpawlik has quit IRC		21:18
openstackgerrit	Clark Boylan proposed openstack/project-config master: Fix afs publishing of translation sources https://review.opendev.org/711555	21:19
corvus	(a sphinx build could execute code to dump the cred, so that's something to watch out for)	21:19
AJaeger	when you're reviewing, have a look at 711554 as well, simple typo that broke another job - I checked openstack-manuals post jobs and both where broken ;(	21:19
*** exsdev has quit IRC		21:19
AJaeger	(translation was the other one), please	21:19
*** exsdev0 is now known as exsdev		21:19
clarkb	did fungi write that from baston?	21:19
clarkb	:)	21:19
ianw	mordred: if around would you mind looping back to the LE account email stack @ https://review.opendev.org/#/c/711149 ; addressed your comments	21:20
fungi	clarkb: write what?	21:20
clarkb	fungi: 'taget' instead of 'target'	21:20
* fungi wrote very little from the boston bastion		21:20
fungi	itym taahget	21:21
clarkb	right that :)	21:21
corvus	oh man you are not sending me to my happy place	21:21
corvus	though i do kinda want to listen to old car talk episodes now	21:22
AJaeger	corvus: the translation job runs sphinx-build, see https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/roles/prepare-zanata-client/files/common_translation_update.sh#L426	21:22
fungi	the car talk guys were (are?) awesome	21:23
corvus	fungi: 'were' these days :(	21:23
corvus	AJaeger: but that's distinct from the update job, yeah?	21:23
fungi	er, i meant to say, "wicked awesome" sorry	21:24
corvus	fungi: ray is still alive, but is decidedly retired, tom died a few years back	21:25
AJaeger	corvus: I think that's run in the job we looked at	21:25
fungi	:(	21:25
clarkb	AJaeger: corvus https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/roles/prepare-zanata-client/files/upstream_translation_update.sh#L115-L117 it is if there are sphinx docs	21:25
clarkb	(thats the script run by the upstream-translation job)	21:25
clarkb	is the gettext command safe though? since that isn't compiling the actual docs	21:26
clarkb	(But I don't know)	21:26
corvus	clarkb, AJaeger: oh "neat"	21:26
clarkb	https://www.sphinx-doc.org/en/master/man/sphinx-build.html#cmdoption-sphinx-build-b ya that is what it is doing, not sure yet of side effects	21:27
clarkb	the paragraphs at the top there imply that conf.py is evaluated though (which would be dangerous0	21:27
ianw	computer hardware specialist : c. colin backslash	21:28
mordred	ianw: is the secret in place already?	21:28
corvus	clarkb, AJaeger: we may want an extra job layer then....	21:29
ianw	mordred: no but if you're happy with the approach i can add it now	21:29
mordred	yeah - I think it looks good!	21:29
AJaeger	corvus: good that you've asked ;)	21:29
corvus	clarkb, AJaeger: though, i don't immediately have a way to exploit this	21:30
* AJaeger removed the +A from 711555		21:30
mordred	ianw: you might want to see frickler's comment on https://review.opendev.org/#/c/711137/7/doc/source/letsencrypt.rst@147	21:30
clarkb	I've WIP'd the change, while we sort out the risk	21:30
corvus	the secret shouldn't be written out anywhere yet, it only is written (later) on the executor, and something running in conf.py on a remote node shouldn't be able to spawn a process on the executor to watch for the keytab to show up.	21:31
* AJaeger really needs to sign off, will read backscroll tomorrow. Thanks!		21:31
corvus	AJaeger: thanks!	21:31
clarkb	corvus: I guess we have to confirm then that the keytab isn't used on the remote host?	21:31
clarkb	corvus: because I agree, I think the risk is having conf.py fork and poll for the data to show up (then email it or whatever)	21:31
corvus	clarkb: https://opendev.org/openstack/project-config/src/branch/master/playbooks/publish/openstack-artifacts.yaml#L12 is 'hosts: localhost'	21:31
clarkb	but if the data is never written to the remote I think we are safe	21:32
clarkb	corvus: ah right and the run.yaml copies the data to the executor	21:32
clarkb	so ya I think its ok	21:32
corvus	clarkb: yeah. and we're not like passing ansible vars as env vars to the sphinx executable.	21:32
corvus	clarkb: so i think it's okay. but the extra scrutiny was warranted.	21:33
ianw	mordred: ok, will fix after school run	21:33
ianw	mordred: if you're still in a reviewing mode; https://review.opendev.org/#/q/status:open+project:opendev/system-config+branch:master+topic:nodepool-legacy is a small stack to get a containerised nodepool-builder	21:33
clarkb	corvus: alright I'm removing the -W now	21:33
clarkb	corvus: do you want to approve or should I?	21:33
ianw	top patch is wip but actually i think works now (will re-run and see if we get the docker logs with the root change)	21:33
ianw	s/docker/podman/	21:33
corvus	clarkb: done	21:33
*** slaweq has quit IRC		21:33
ianw	mordred: largely based upon your prior work with review-dev, so any refactoring comments etc welcome	21:34
openstackgerrit	Merged opendev/base-jobs master: Remove docker-image provides/requires https://review.opendev.org/710117	21:39
mordred	ianw: cool!	21:41
*** michael-beaver has joined #openstack-infra		21:42
openstackgerrit	Ian Wienand proposed opendev/system-config master: letsencrypt: add note on manual refresh of certificates https://review.opendev.org/711137	21:50
openstackgerrit	Merged openstack/project-config master: Fix afs publishing of translation sources https://review.opendev.org/711555	21:56
*** mattw4 has quit IRC		22:04
*** mattw4 has joined #openstack-infra		22:04
openstackgerrit	Merged openstack/project-config master: Fix openstack-manuals sync https://review.opendev.org/711554	22:04
*** imacdonn has quit IRC		22:04
*** imacdonn has joined #openstack-infra		22:05
*** iurygregory has quit IRC		22:18
openstackgerrit	Merged opendev/system-config master: letsencrypt: Register email with accounts https://review.opendev.org/711133	22:23
corvus	infra-root: does this still exist? https://docs.openstack.org/infra/system-config/certificate_authority.html	22:30
*** matt_kosut has joined #openstack-infra		22:30
mordred	corvus: doesn't appear to	22:31
fungi	i don't believe so	22:31
clarkb	that might be something that wasn't properly migrated from the old host?	22:31
fungi	struggling to remember what it was even used for	22:31
corvus	we are, however, using ssl certs with gearman	22:31
fungi	oh, maybe that was it	22:32
clarkb	fungi: ^ it was gearman iirc	22:32
fungi	yeah, i faintly recall that	22:32
corvus	we send decrypted secrets over the wire via that	22:32
corvus	ok. well, docs should stay, and i guess next time we need to do that, we can just recreate it :)	22:33
ianw	or use LE?	22:33
mordred	corvus: should we just use LE?	22:33
fungi	noted	22:33
clarkb	can you use LE to sign client certs?	22:33
mordred	I don't know	22:33
clarkb	in this case its doing mutual auth	22:33
* fungi hears an le chorus in three-part harmony		22:33
corvus	i do not understand how to use le for this; does someone here know that?	22:33
clarkb	and I thought that was basically a "is your cert signed by the authority I expect"	22:33
clarkb	I think with LE that would mean any LE cert could auth and that is undesireable	22:34
clarkb	(I'm happy to be wrong on that though)	22:34
mordred	the internet says we cannot use LE for this	22:34
fungi	i suspect if that's the only use case, self-signed certs would also work and be simpler?	22:34
corvus	(it's unclear to me whether "or use LE?" is "corvus, i think you could use LE, why don't you want to use that?" or "corvus, i don't know if this is relevant, but have you thought about using LE?"	22:35
mordred	for the reason that clarkb just said	22:35
*** matt_kosut has quit IRC		22:35
mordred	corvus: from me it was the second - and now that I've asked I have come to believe that thinking about LE for this use case instead is a Bad Idea	22:35
mordred	so I'm back around to being ++ on "corvus>ok. well, docs should stay, and i guess next time we need to do that, we can just recreate it :)"	22:36
corvus	mordred: ack	22:37
corvus	i'll think about whether the same restrictions apply to zk	22:37
mordred	corvus: I thnik they might for the quorum tls - but I admittedly have only read those docs once	22:38
corvus	mordred: yeah, that's the impression i'm getting	22:39
mordred	corvus: there'sa. lot of java words in those docs	22:39
mordred	but I think I'm parsing and translating them right	22:39
ianw	yeah i'd have to look into it, but it seems you could authenticate the remote side had authenticated it's dns name; which i have a feeling might be enough	22:39
corvus	mordred: yeah, it's not easy.	22:39
corvus	ianw: that means we'd be trusting reverse dns (which some clouds don't even provide) for authentication	22:40
corvus	(in order for the server to verify a client)	22:41
corvus	(plus, i don't think geard actually does that)	22:41
corvus	so, without modification to geard, the most we could do is say that any LE cert is allowed to be a client of zuul's gearman	22:42
corvus	and i don't think that's desirable	22:42
ianw	corvus: i'm just throwing ideas here, because i don't know. just in theory, if you trust "gearman01.x.com" and you're presented with a cert signed by LE with that covers that domain, then that host must have either validated itself as such, or somehow otherwise got that certificate	22:42
corvus	ianw: oh, sure, we could modify geard to take a whitelist of certs	22:43
corvus	but, believe it or not, geard is mostly compatible with gearmand at this point, i don't think that's worth forking over	22:43
clarkb	I'm popping out for a bike ridrwith that largely settled	22:45
*** tkajinam has joined #openstack-infra		22:45
corvus	also, x.com takes me back to last century	22:45
ianw	so it only trusts at a CA level?	22:45
corvus	ianw: yep	22:45
openstackgerrit	Merged opendev/system-config master: letsencrypt: add note on manual refresh of certificates https://review.opendev.org/711137	22:48
ianw	"If you are not paying for a certificate authority to generate a certificate for you, you will first need to generated a CA for gearmand: ..." on http://gearman.info/gearmand/ssl.html implies maybe you can use a 3rd party	22:48
ianw	that site also doesn't have https ... so ...	22:48
openstackgerrit	Ian Wienand proposed opendev/system-config master: ansible-lint : disable 503 https://review.opendev.org/711149	22:57
*** mattw4 has quit IRC		23:04
*** mattw4 has joined #openstack-infra		23:05
*** ociuhandu has joined #openstack-infra		23:07
*** rh-jelabarre has quit IRC		23:11
*** ociuhandu has quit IRC		23:11
*** jamesmcarthur has quit IRC		23:14
*** mattw4 has quit IRC		23:18
*** mattw4 has joined #openstack-infra		23:19
*** jamesmcarthur has joined #openstack-infra		23:20
*** dchen has joined #openstack-infra		23:22
fungi	any reason you can't set each client's cert as a ca too, so that self-signed certs would work? of course you'd need to update the list of trusted authorities each time you added/replaced a client	23:24
*** jamesmcarthur has quit IRC		23:32
clarkb	fungi: I think that would work if you allowed for setting multiple CA	23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!